Almost every organisation faced mobile cyber-threats in 2020, according to a new report from Check Point Software, as moves towards remote working pushed mobile security to the forefront of concern for CISOs.
The report was based on data collected from 1,800 organisations from January 1 to December 31 of last year.
97% of these organisations globally experienced mobile attacks from multiple attack vectors, Check Point says, and 93% of these attacks originated in a device network, which includes attempts to trick users into installing a malicious payload via infected websites or URLs, or to steal users’ credentials.
Mobile threats also extended to apps: 46% of organisations surveyed had at least one employee download a malicious mobile app which subsequently threatened the organisation’s network or data.
And at least 40% of mobile devices are vulnerable, Check Point says, due to flaws in their chipsets.
“As we have seen in 2020, the mobile threat landscape has continued to expand with almost every organisation now having experienced an attack,” says Check Point Software vice president of threat prevention Neatsun Ziv.
“And there are more complex threats on the horizon. Cybercriminals are continuing to evolve and adapt their techniques to exploit our growing reliance on mobiles.
“Enterprises need to adopt mobile security solutions which seamlessly protect devices from today’s advanced cyber threats, and users should be careful to use only apps from official app stores to minimise their risk.”
Check Point’s report outlined several other notable concerns regarding mobile threats. One such concern is the rise of mobile malware: In 2020, the company found a 15% increase in banking Trojan activity, where users’ mobile banking credentials are at risk of being stolen.
In many cases, cyber attackers spread mobile malware, including Mobile Remote Access Trojans (MRATs), banking trojans, and premium dialers, often hiding the malware in apps that claim to offer COVID-19 related information.
Instances of advanced persistent threat (APT) groups targeting mobile devices have also shot up, according to Check Point. Individuals’ mobiles are a very attractive target for various APT groups, such as Iran’s Rampant Kitten, which has conducted elaborate and sophisticated targeted attacks to spy on users and steal sensitive data.
The report also revealed Check Point’s discovery in 2020 of a new attack, in which threat actors used a large international corporation’s Mobile Device Management (MDM) system to distribute malware to more than 75% of its managed mobile devices – exploiting the solution, which is intended to control how mobiles are used within the enterprise.